diff --git a/libavcodec/asv1.c b/libavcodec/asv1.c index a2519cb5c2..9eeec2675a 100644 --- a/libavcodec/asv1.c +++ b/libavcodec/asv1.c @@ -408,10 +408,9 @@ static int decode_frame(AVCodecContext *avctx, p->pict_type= AV_PICTURE_TYPE_I; p->key_frame= 1; - av_fast_malloc(&a->bitstream_buffer, &a->bitstream_buffer_size, buf_size + FF_INPUT_BUFFER_PADDING_SIZE); + av_fast_padded_malloc(&a->bitstream_buffer, &a->bitstream_buffer_size, buf_size); if (!a->bitstream_buffer) return AVERROR(ENOMEM); - memset(a->bitstream_buffer + buf_size, 0, FF_INPUT_BUFFER_PADDING_SIZE); if(avctx->codec_id == CODEC_ID_ASV1) a->dsp.bswap_buf((uint32_t*)a->bitstream_buffer, (const uint32_t*)buf, buf_size/4); diff --git a/libavcodec/avcodec.h b/libavcodec/avcodec.h index e690c81e12..215bfc9bb4 100644 --- a/libavcodec/avcodec.h +++ b/libavcodec/avcodec.h @@ -4753,6 +4753,15 @@ void *av_fast_realloc(void *ptr, unsigned int *size, size_t min_size); */ void av_fast_malloc(void *ptr, unsigned int *size, size_t min_size); +/** + * Same behaviour av_fast_malloc but the buffer has additional + * FF_INPUT_PADDING_SIZE at the end which will will always be 0. + * + * In addition the whole buffer will initially and after resizes + * be 0-initialized so that no uninitialized data will ever appear. + */ +void av_fast_padded_malloc(void *ptr, unsigned int *size, size_t min_size); + /** * Copy image src to dst. Wraps av_picture_data_copy() above. */ diff --git a/libavcodec/eatqi.c b/libavcodec/eatqi.c index 245c143c88..d650a71713 100644 --- a/libavcodec/eatqi.c +++ b/libavcodec/eatqi.c @@ -127,7 +127,7 @@ static int tqi_decode_frame(AVCodecContext *avctx, return -1; } - av_fast_malloc(&t->bitstream_buf, &t->bitstream_buf_size, (buf_end-buf) + FF_INPUT_BUFFER_PADDING_SIZE); + av_fast_padded_malloc(&t->bitstream_buf, &t->bitstream_buf_size, buf_end-buf); if (!t->bitstream_buf) return AVERROR(ENOMEM); s->dsp.bswap_buf(t->bitstream_buf, (const uint32_t*)buf, (buf_end-buf)/4); diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index ad78b4cc0d..2abfea0d6e 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -1474,13 +1474,9 @@ int ff_mjpeg_find_marker(MJpegDecodeContext *s, int start_code; start_code = find_marker(buf_ptr, buf_end); - if ((buf_end - *buf_ptr) > s->buffer_size) { - av_free(s->buffer); - s->buffer_size = buf_end - *buf_ptr; - s->buffer = av_malloc(s->buffer_size + FF_INPUT_BUFFER_PADDING_SIZE); - av_log(s->avctx, AV_LOG_DEBUG, - "buffer too small, expanding to %d bytes\n", s->buffer_size); - } + av_fast_padded_malloc(&s->buffer, &s->buffer_size, buf_end - *buf_ptr); + if (!s->buffer) + return AVERROR(ENOMEM); /* unescape buffer of SOS, use special treatment for JPEG-LS */ if (start_code == SOS && !s->ls) { diff --git a/libavcodec/utils.c b/libavcodec/utils.c index 657eb5b932..ccccd54acc 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -69,16 +69,34 @@ void *av_fast_realloc(void *ptr, unsigned int *size, size_t min_size) return ptr; } -void av_fast_malloc(void *ptr, unsigned int *size, size_t min_size) +static inline int ff_fast_malloc(void *ptr, unsigned int *size, size_t min_size, int zero_realloc) { void **p = ptr; if (min_size < *size) - return; + return 0; min_size= FFMAX(17*min_size/16 + 32, min_size); av_free(*p); - *p = av_malloc(min_size); + *p = zero_realloc ? av_mallocz(min_size) : av_malloc(min_size); if (!*p) min_size = 0; *size= min_size; + return 1; +} + +void av_fast_malloc(void *ptr, unsigned int *size, size_t min_size) +{ + ff_fast_malloc(ptr, size, min_size, 0); +} + +void av_fast_padded_malloc(void *ptr, unsigned int *size, size_t min_size) +{ + uint8_t **p = ptr; + if (min_size > SIZE_MAX - FF_INPUT_BUFFER_PADDING_SIZE) { + *p = NULL; + *size = 0; + return; + } + if (!ff_fast_malloc(p, size, min_size + FF_INPUT_BUFFER_PADDING_SIZE, 1)) + memset(*p + min_size, 0, FF_INPUT_BUFFER_PADDING_SIZE); } /* encoder management */ diff --git a/libavcodec/version.h b/libavcodec/version.h index f8bb5c69ae..24de77c416 100644 --- a/libavcodec/version.h +++ b/libavcodec/version.h @@ -21,8 +21,8 @@ #define AVCODEC_VERSION_H #define LIBAVCODEC_VERSION_MAJOR 53 -#define LIBAVCODEC_VERSION_MINOR 56 -#define LIBAVCODEC_VERSION_MICRO 105 +#define LIBAVCODEC_VERSION_MINOR 57 +#define LIBAVCODEC_VERSION_MICRO 100 #define LIBAVCODEC_VERSION_INT AV_VERSION_INT(LIBAVCODEC_VERSION_MAJOR, \ LIBAVCODEC_VERSION_MINOR, \